<html> <head> <style></style></head> <body class='hmmessage'><div dir='ltr'>I did try the exact steps from the blog but alas still it did not work. getting same error :(<div><br><div><br></div><div> <p class="p1"><span class="s1">p-172-31-29-153.us-west-2.compute.internal: Insufficient access: Insufficient 'write' privilege to the 'member' attribute of entry 'cn=my-hostgroup,cn=hostgroups,cn=accounts,dc=us-west-2,dc=compute,dc=amazonaws,dc=com'.</span></p><p class="p1"><span class="s1"><br></span></p><p class="p1">Regards,</p><p class="p1">Deepak</p><br><div>> Date: Tue, 30 Aug 2016 13:04:07 +0300<br>> From: abokovoy@redhat.com<br>> To: deepak_dimri@hotmail.com<br>> CC: freeipa-users@redhat.com<br>> Subject: Re: [Freeipa-users] Permission not working as expected<br>> <br>> On Tue, 30 Aug 2016, Deepak Dimri wrote:<br>> >Hi Alexander,<br>> >Thanks for the reply<br>> >i tried exact steps below but it still not working. the admin user<br>> >added to new role and privilege we have created is getting an error<br>> >when trying to add or remove host of myhostgroup.<br>> >ip-172-31-29-153.us-west-2.compute.internal: Insufficient access:<br>> >Insufficient 'write' privilege to the 'member' attribute of entry<br>> >'cn=myhostgroup,cn=hostgroups,cn=accounts,dc=us-west-2,dc=compute,dc=amazonaws,dc=com'.<br>> >not sure if DN (memberOf=cn=myhostgroup,cn=ng,cn=alt,dc=ipa,dc=ad,dc=test) would make any difference? I also noticed i dont get Permission flags: V2, SYSTEM in my ipa output. not sure if that would make any difference<br>> >I would really appreciate if this can be resolved...<br>> Read the other emails I sent in this thread.<br>> <br>> The whole story is here:<br>> https://vda.li/en/posts/2016/08/30/Creating-permissions-in-FreeIPA/<br>> <br>> -- <br>> / Alexander Bokovoy<br></div></div></div> </div></body> </html>